Texas Risk and Authorization Management Program (TX-RAMP)

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.” To comply, DIR established a framework for collecting information about cloud services security posture and assessing responses for compliance with required controls and documentation. Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.  Learn more about TX-RAMP